The present invention relates generally to electronic commerce and more particularly to a method and apparatus for electronic transaction authorization over a network.
One problem regarding Internet e-commerce is that purchasers are generally required to provide personal and confidential information, such as charge card information and charge card billing data to an Internet merchant when purchasing goods or services from that merchant. The merchant, in turn, uses this information to obtain a transaction approval from a charge card authorization processor. The transmission of data from a purchaser""s computer or terminal to the merchant Web site is generally protected by encryption.
However, once under the control of a merchant Web site, this personal data can be sold, rented, or otherwise used for commercial gain. Further, the storage and handling of this sensitive data by computer personnel at the merchant site may lead to unauthorized distribution of the data. Internet merchant sites are targets for hackers who may be able to obtain access to this data. In certain instances, accidental release of the data has been made by errors in the software programs that operate a given Web site. A purchaser who has had personal or charge card information compromised may then be the victim of unauthorized use of their charge cards or, in more severe cases, complete theft of their identity.
Another problem is the fraudulent use of charge cards. Since it is difficult to determine the identity of a remote purchaser, particularly as it relates to ownership of a given charge card, fraudulent charge card use has become popular on the Internet.
An additional problem is the use of E-mail addresses or real billing addresses obtained by a merchant during a purchase transaction. The merchant may continue to send unwanted solicitations to the purchaser long after a transaction is completed. In some cases, the abuse of the E-mail address may include sending the E-mail address to other parties, who may also send unwanted solicitations or xe2x80x9cspamxe2x80x9d to the purchaser.
A distributed real-time software application (referred to herein as xe2x80x9cZixChargexe2x80x9d) is provided that allows consumers to authorize transactions in a secure, private, and convenient manner for the purchase of goods and services over the Internet. The major architectural features of the ZixCharge system include a central repository of consumer data, a charge slip user interface, ZixCharge Web site application interface (hereinafter, ZAPI), a centralized approval service, a worldwide signature server and Internet shopping mall (referred to herein as xe2x80x9cZixMallxe2x80x9d).
The ZixCharge system provides a central repository of consumer charge card information. Each charge card is linked to a specific E-mail address and digital signature. This information is normally provided by card issuing financial institutions and others, but can be entered under certain circumstances directly by consumers. The data is provided by a reputable source (either a card issuer or an individual each of which can be authenticated) that can irrefutably link a consumer""s identity with their charge card information. The central repository is used to obtain a charge authorization without providing any personal information to the merchant.
The ZixCharge system provides a charge slip interface that allows a consumer to digitally sign for a purchasexe2x80x94just as the consumer would do in a retail store. The charge slip can be initiated by the merchant site, and can include the merchant logo, detailed purchase information, merchant advertising, and other information. The charge slip interface can be used by a consumer to select the payment type (if appropriate), shipping address options, and a method for merchant communications regarding the purchase. Once digitally signed, the charge slip information, including a certified time-stamp, is returned to the merchant Web site, but it cannot be opened or read there. It is fully encrypted so that only the ZixCharge central repository can read it.
The ZixCharge system includes a merchant to consumer interface, ZAPI, that resides on the merchant Web site. ZAPI provides all communication services between the merchant and the consumer during the charge slip portion of an authorization, and between the merchant and the central repository. ZAPI can be configured to offer a consumer who has failed an authorization, due to credit limits or other causes, the opportunity to select a different payment type in order to complete the transaction. After a transaction is approved, ZAPI provides the merchant with approval and shipping information. The merchant system can complete the transaction and fulfillment just as if the approval had been obtained directly by the merchant. ZAPI also ensures the transaction""s validity. ZAPI combines three items, a certified time-stamp, the xe2x80x9chashxe2x80x9d of the charge slip information and the returned encrypted charge slip from the consumer. ZAPI digitally signs the combination with the merchant""s digital signature before sending the transaction to the central repository.
The ZixCharge system provides charge approval services at the central repository. All incoming charge slips are decrypted, validated by the previously mentioned xe2x80x9chash,xe2x80x9d and authenticated by verifying the digital signatures of both the merchant and the consumer. The central repository formats an authorization message containing the required information to obtain a charge card authorization on behalf of both the consumer and the merchant and then forwards the-message to a charge card processor, normally over dedicated communication lines. Upon receiving approval, or not, for the authorization, the central repository sends the authorization information back to ZAPI at the merchant Web site. If a successful authorization has been obtained, the returned information will include any consumer authorized shipping information. E-mail communications for any transaction specific information is normally sent to the central repository and then forwarded to the consumer. This process allows the consumer to keep their respective E-mail address private. The merchant is also given a ZixCharge member ID. This enables the merchant to aggregate transactions for marketing purposes and to communicate with the consumer through the ID, but still protects the consumer""s actual identity. The consumer can optionally block the forwarding of messages sent to the member ID.
The ZixCharge system utilizes a worldwide signature. server (central key server). The central key server, which can be distributed, allows the ZixCharge system to instantly authenticate both the merchant and the consumer in a transaction. The central key server further ensures that a given digital signature has not been revoked, suspended, changed or deleted. The central signature server also responds to requests for and issues certified time-stamps. The time-stamp certificate can be self-authenticated (authenticated by at least one signature whose public key is known) and is impossible to tamper with or change. This provides further authentication and validation.
The ZixCharge system can include an optional Internet shopping portal (referred to hereafter as the xe2x80x9cZixMallxe2x80x9d). Merchants who accept payment, or allow other types of transaction authorizations, using the ZixCharge system, may be listed in the ZixMall. When consumers shop through the ZixMall, they are assured that the merchant respects their privacy and is willing to sell merchandise or services to them without collecting unnecessary personal information.
Aspects of the invention can include one or more of the following advantages. A distributed real-time software application (referred to herein as xe2x80x9cZixChargexe2x80x9d) is provided that allows consumers to authorize transactions in a secure, private, and convenient manner for the purchase of goods and services over the Internet. The system allows consumers to complete purchase transactions without merchants obtaining personal and charge card information from the consumer. ZixCharge transactions have three major participants: consumers, merchants and charge card issuers. Each of these participants benefits from the use of ZixCharge.
Consumers benefit by having personal and credit card information, and purchasing histories kept confidential. Because fewer Web sites have the consumer""s information, there is less chance of their identities or their credit cards being used by others. Consumers also have the convenience of only having to digitally xe2x80x9csignxe2x80x9d a charge slip in order to complete a purchase.
Merchants benefit by realizing a dramatic reduction in fraudulent transactions. The reduction can be attributed to the use of digital signatures on charge slips which positively identify a party to a transaction. Merchants accepting ZixCharge transactions will have access to large numbers of Internet consumers who are members of the ZixCharge system. Many of the ZixCharge members will be new to Internet shoppingxe2x80x94in factxe2x80x94shopping only because ZixCharge protects their confidential information.
Card issuers benefit in numerous ways. Using the ZixCharge system, card issuers can control the dissemination (and abuse) of cardholder information and foster brand loyalty and goodwill with consumers. These types of features can be used by card issuers to differentiate their cards from the competition allowing them to retain existing and obtain new cardholders. In addition, card issuers can re-enforce their identity with prominent logo placement (display) throughout the purchase process. Finally, card issuers can realize new revenue from ZixCharge fees. These and other advantages will be readily apparent from the description below.